The present invention relates generally to a system for preventing the leakage of personal information and, more particularly, to a system and method for checking a legitimate authentication message, which determine whether a source that sent an authentication message to a mobile communication terminal of a user is a reliable source, thus preventing damages such as the leakage of personal information and micropayment fraud caused by pharming and smishing.
As the Internet has become faster, more widespread and more diverse, it not only provides much convenience to people, but also causes many undesirable side effects. The leakage of data, the forgery and falsification of data, and the illegitimate use and leakage of personal information over the Internet may be regarded as such side effects. In particular, as accidents such as the leakage of personal information have frequently occurred in recent years, the protection of personal information and the exact identification of persons have emerged as problems. In order to solve such problems, various online identification methods have been presented.
One of the identification methods is an identity authentication method using a mobile phone. Typically, identity authentication using a mobile phone is configured to identify a user himself or herself using personal information registered with a mobile communication company, and perform possession-based authentication using a Short Message Service (SMS) message including an authentication number so as to determine whether the user possesses the mobile phone.
In this way, various types of security services have been utilized to protect personal information. However, hacking techniques have become increasingly diversified and intelligent.
In particular, pharming and smishing techniques are widely attempted, which force a user to access a fake webpage (hereinafter referred to as a “pharming website”) even if the user enters the exact webpage address via his or her web browser, and which cause the personal information of the user to be stolen. Accordingly, there is concern that this may result in greater damage than in the case of a conventional phishing technique.
Further, pharming is performed in such a way that, when a user accesses a pharming website and uses a service requiring identity authentication using a mobile phone, a fake authentication message (hereinafter referred to as a “pharming authentication message”) required for mobile phone possession-based authentication for identity authentication is sent to the mobile communication terminal of the user, thus prompting the user to be authenticated.
In this case, the user does not recognize that he or she is accessing the pharming website and, having even received the authentication message, will trust the corresponding website.
Further, smishing is performed by sending an SMS message such as a free coupon, a smart statement, or a mobile gift certificate (hereinafter referred to as a “smishing message”), installing malicious code at the moment at which the user clicks an address in the message, extracting personal information, and performing micropayments in the name of the user.
As described above, a conventional mobile communication terminal is problematic in that it is impossible to determine whether a received SMS message is a legitimate message, thus causing the user to easily suffer financial fraud attributable to pharming and smishing techniques.
Further, a conventional identity authentication method is problematic in that it is impossible for the user to determine whether a received authentication message is a pharming authentication message or a legitimate authentication message.
Furthermore, the conventional identity authentication method is problematic in that the user does not know whether the received authentication message is a legitimate authentication message, trusts the received message, and enters an authentication number, thus causing personal information to be easily leaked. Furthermore, a serious problem may arise in that users suffer damage by being financially swindled.